CVE-2010-1163
published 2010-04-16CVE-2010-1163: The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a…
medium6.9CVSS 3.1
AVLACMAuNCCICAC
The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426.
Affected
26 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | sudo | < sudo 1.7.2p6-1 (bookworm) | sudo 1.7.2p6-1 (bookworm) |
| sudo_project | sudo | >= 0 < 1.7.2p6-1 | 1.7.2p6-1 |
| sudo_project | sudo | >= 0 < 1.7.2p6-1 | 1.7.2p6-1 |
| sudo_project | sudo | >= 0 < 1.7.2p6-1 | 1.7.2p6-1 |
| sudo_project | sudo | >= 0 < 1.7.2p6-1 | 1.7.2p6-1 |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
CVSS provenance
nvd6.9MEDIUMAV:L/AC:M/Au:N/C:C/I:C/A:C
osv6.9MEDIUM